jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-19 07:20:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
923721f839
openafs/doc/man-pages/pod1/fs_cleanacl.pod
Russ Allbery 6ef9f39335 man-page-name-underscore-20071111 
The NAME heading for man pages can't contain a space in the program side
or the man pages won't index with some man implementations.
2007-11-11 22:54:56 +00:00

106 lines
3.1 KiB
Plaintext
Raw Blame History

=head1 NAME
fs_cleanacl - Remove obsolete entries from an ACL
=head1 SYNOPSIS
=for html
<div class="synopsis">
B<fs cleanacl> S<<< [B<-path> <I<dir/file path>>+] >>> [B<-help>]
B<fs cl> S<<< [B<-p> <I<dir/file path>>+] >>> [B<-h>]
=for html
</div>
=head1 DESCRIPTION
The B<fs cleanacl> command removes from the access control list (ACL) of
each specified directory or file any entry that refers to a user or group
that no longer has a Protection Database entry. Such an entry appears on
the ACL as an AFS user ID number (UID) rather than a name, because without
a Protection Database entry, the File Server cannot translate the UID into
a name.
Cleaning access control lists in this way not only keeps them from
becoming crowded with irrelevant information, but also prevents the new
possessor of a recycled AFS UID from obtaining access intended for the
former possessor of the AFS UID. (Note that recycling UIDs is not
recommended in any case.)
=head1 OPTIONS
=over 4
=item B<-path> <I<dir/file path>>+
Names each directory for which to clean the ACL (specifying a filename
cleans its directory's ACL). If this argument is omitted, the current
working directory's ACL is cleaned.
Specify the read/write path to each directory, to avoid the failure that
results from attempting to change a read-only volume. By convention, the
read/write path is indicated by placing a period before the cell name at
the pathname's second level (for example, F</afs/.abc.com>). For further
discussion of the concept of read/write and read-only paths through the
filespace, see the B<fs mkmount> reference page.
=item B<-help>
Prints the online help for this command. All other valid options are
ignored.
=back
=head1 OUTPUT
If there are no obsolete entries on the ACL, the following message
appears:
Access list for <path> is fine.
Otherwise, the output reports the resulting state of the ACL, following the
header
Access list for <path> is now
At the same time, the following error message appears for each file in the
cleaned directories:
fs: '<filename>': Not a directory
=head1 EXAMPLES
The following example illustrates the cleaning of the ACLs on the current
working directory and two of its subdirectories. Only the second
subdirectory had obsolete entries on it.
% fs cleanacl -path . ./reports ./sources
Access list for . is fine.
Access list for ./reports is fine.
Access list for ./sources is now
Normal rights:
system:authuser rl
pat rlidwka
=head1 PRIVILEGE REQUIRED
The issuer must have the C<a> (administer) permission on each directory's
ACL (or the ACL of each file's parent directory); the directory's owner
and the members of the system:administrators group have the right
implicitly, even if it does not appear on the ACL.
=head1 SEE ALSO
L<fs_listacl(1)>,
L<fs_mkmount(1)>
=head1 COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Reference in New Issue View Git Blame Copy Permalink